IP Network Security

Our multi-layer embedded approach to IP network security begins at the IP silicon layer with the FP5 chipset at the heart of our 7750 SR and 7950 XRS series of routers. FP5 provides the filtering scale and performance headroom necessary to be a highly precise attack sensor and mitigation element. It provides the universal encryption (ANYsec) required to secure any service, over any transport, at any time. Both capabilities can be used at line rate – without impacting the performance of other services running on the same chipset. This ensures network performance and service quality remain high even during the most intense DDoS attacks.

At the network OS layer, our highly secure and hardened SR OS is designed and tested to block attempts at manipulation and unauthorized access. SR OS leverages highly granular queueing in FP5 to limit every control plane interaction to its fair-share slice of the control plane CPU. This stops volumetric attacks from overwhelming the control plane processor, without impacting legitimate control plane interactions.

At the tools and applications layer, our integrated, high-performance IPsec gateway (Nokia Secure Gateway) inherits the scale, resiliency, and security of the carrier-grade 7750 SR infrastructure. A single Nokia Secure Gateway can support up to 32,000 base stations and up to 960GB/s of encrypted traffic. 

Our Nokia SR OS Firewall protects the integrity of the control and management planes between trusted zones.

At the application level, our Deepfield Defender provides multi-dimensional intelligence, analytics, and automation that use the network infrastructure to quickly identify and mitigate DDoS attacks.

CSPs can now leverage Nokia's quantum-safe MACsec/ANYsec encryption to ensure the confidentiality and integrity of all data flowing through their networks and protect against current and future threats associated with quantum computers. Integration with the 1830 Security Management Server (SMS) enables centralized pre-shared encryption key management across Nokia IP and optical network portfolios, and the ability to leverage quantum-based keys with Quantum Key Distribution (QKD).
 
Specifically designed for CSP networks, MACsec/ANYsec leverages FP5 silicon to extend the low latency and simplicity of MACsec encryption to tunnels, flows and slices engineered using MPLS, Segment Routing and IP. With FP5, network encryption becomes a universal function of the network itself.

Nokia's MACsec/ANYsec implementation provides CSPs with the freedom to transform IP services into secure IP services on demand. Instead of treating encryption as an expensive, complex and limited capability that requires significant advanced planning, SPs can turn on encryption whenever and wherever it is required. This can be done natively no matter what service or network transport is being used, and without impacting the performance of any other service running on the same chipset.

Due to the prohibitive cost and limited scale of traditional DDoS solutions, CSPs have only been able to protect a few select customers or a portion of their network from DDoS attacks.

With IP security embedded within the network, you can protect your whole network and all your customers, all the time. Deepfield Defender and 7750 SR and 7950 XRS series routers shield you from all types of attacks (such as multivector, spoofing, botnet, or carpet bombing), from any origin (inbound or outbound), towards any target (not just protected targets), on any boundary (core, peering, data center, or service edge).

By stopping all customer directed attacks at the edge of your network, service quality and network performance always remain high.

It’s about protecting your brand and business: customers want a network that won’t let them down and providing one will help to reduce churn.